Alt-coin wallet software maker Parity has published a postmortem of the bug that put millions of dollars of people's Ethereum on ice – and has admitted it knew about the flaw for months. It just hadn't got round to fixing it.
Last week, netizens using Parity's multi-signature wallets – which each require more than one person …

Re: Nothing is lost

So your suggestion for "fixing" a third party developers clusterfuck is to unwind ~5 months of transactions, hard fork the blockchain, and then unicorns?

How about instead Parity gets sued for incompetence and goes bust?

Those wallets aren't "frozen", like some bank account under sanctions. They appear to have had another user added to the required signatories, then that user has been deleted. Thus the required signatures can never be obtained.

Re: Nothing is lost

"Question: If you can unwind transactions with the agreement of just 51% of users, doesn't that suggest that 51% of users could get together to defraud the other 49%?"

That's the basic principle of any blockchain. That's also the promise behind it as it makes it more democratic than a centrally managed system... in theory. However since people can just buy more processing power, the power over the system will be more and more centralized as we see with Bitcoin.

"Ethereum prices are currently $330 per coin...

This community *does* deserve everything that happens to them. Reminds one of the immortal passage from Mackay's Memoirs of Extraordinary Popular Delusions:

"But the most absurd and preposterous of all, and which shewed, more completely than any other, the utter madness of the people, was one started by an unknown adventurer, entitled "A company for carrying on an undertaking of great advantage, but nobody to know what it is." Were not the fact stated by scores of credible witnesses, it would be impossible to believe that any person could have been duped by such a project. Next morning, at nine o'clock, this great man opened an office in Cornhill. Crowds of people beset his door, and when he shut up at three o'clock, he was thus, in five hours, the winner of 2000l. He was philosopher enough to be contented with his venture, and set off the same evening for the Continent. He was never heard of again"

Re: "Ethereum prices are currently $330 per coin...

Huh, what a coincidence, I started reading that book last night. Opening paragraph gave me chills, aside from the more florid victorian vocabulary it could have been written last week about Trump's America :O

IN READING THE HISTORY OF NATIONS, we find that, like individuals, they have their whims and their peculiarities; their seasons of excitement and recklessness, when they care not what they do. We find that whole communities suddenly fix their minds upon one object, and go mad in its pursuit; that millions of people become simultaneously impressed with one delusion, and run after it, till their attention is caught by some new folly more captivating than the first. We see one nation suddenly seized, from its highest to its lowest members, with a fierce desire of military glory; another as suddenly becoming crazed upon a religious scruple; and neither of them recovering its senses until it has shed rivers of blood and sowed a harvest of groans and tears, to be reaped by its posterity.

@Martin Gregorie

They'll just pester the devs to include a fix that'll give them the wallets back.

Ethereum. Where the code is the contract. Mostly. Except where we fuck up the code and need to override the contract.

If you don't like that, you'll want Ethereum Classic instead. They're more 'If you write a contract and shovel hundreds of millions of dollars into it and oops you didn't consider an edge case and someone finds it? Too bad for you. Hire a few testers or competent coders ffs'

It won't be long before someone tries to use an Ethereum contract to enforce a business contract... which will be wrong, and will be taken to court, and the judge will say, "You can't do that, give them their money back", and won't accept, "but code!" for an answer.

Change to code to require only majority of signatories?

I know enough about cryptocurrencies to know that I dont know enough, but would it be possible to modify the Eth codebase so that multisig contracts only require the consent of the majority of signatories rather than all of them and thus be able to unlock the wallets that way?

Then once they are unlocked and moved to a safer wallet the codechange can be reverted?

Re: Change to code to require only majority of signatories?

Presumably, a fix along these lines is not available. In order for these contracts to be at all credible, they have to be resistant to certain classes of modifications. AFAIK, the entire point of a blockchain is that all future changes depend on prior ones--the only way to go back is to recompute every hash in the chain since the offender. In a case like this, where there is no dispute as to who should be the owner of the coins, there should be some constructive solutions that the community can support.

Scarcity Value!

Still beating this drum.

Blockchain is an incredible technology that is going to make huge changes. Eventually. But we've got this weird situation where we have entered the early phases of explosive hype growth while the technology is still very much in an exploratory phase. The folks using it now are not "early adopters"--there is nothing really to adopt just yet. They are speculators. The engineering work to figure out just what this technology can and should be made to do is really just beginning. But since the hype has overtaken things already, the serious workers are being swamped with the usual circus acts. I expect that it is going to take some major fails (as if what we've already seen does not count!) to get folks to understand just how hard this class of programming really is.

Jeebuz....

"However, rather than just having more audits, we strongly believe that more extensive and formal procedures and tooling around the deployment, monitoring and testing of contracts will be needed to achieve security. We believe that the entire ecosytem as a whole is in urgent need of such procedures and tooling to prevent similar issues from happening again, in particular if and when the number and complexity of live contracts grows."

Gee, ya f__king think? It didn't occur to you *before*, that top notch security would be necessary in order to reliably handle other people's money?

Yet Another startup "discovers" formal development process can be quit useful.

Good thing it's not working on anything important or a lot of peoples cash could be seriously f**ked up.

IBM federal Systems developed the process to do this in the 1970's.

1)Do code audits which a)Record bugs but don't fix them on the fly and b)Find bugs, don't blame developers

2)Identify if there are bug "patterns" of error prone (or just wrong) code

3) Use those patterns to scan the whole code base for other examples and fix those before going back into retest

No "deep learning." No neural networks. Just small teams eyeballing the code and writing pattern recognition scripts fed from a code repository where all code changes were tracked by developer and date/time on a line by line basis. SoA in the mid 70's but today....

Of course that was for a code base in MB, when a 1 MHz 32bit processor with 1MB of RAM was screaming performance at a Rolls Royce cost.

You'd think in 2017 people could do a bit better, wouldn't you?

Yet with single processors several 1000x faster and memory several 1000x bigger, with potentially massive MIPS (GIPS?) available on demand, apparently not. :-( .

Re: Yet Another startup "discovers" formal development process can be quit useful.

There are big companies handling large amounts of money with no need for serious formalities. Systems are so completely broken that there's not even a starting or ending point for fixing anything. Replacement is the only cure and it would require essentially rebuilding and re-launching the company. Or... just keep patching stuff that generates the most complaints. These companies have high employee turnover rates so it's easy to blame "the big one" on inherited problems.

Re: Yet Another startup "discovers" formal development process can be quit useful.

I see you noted the increase in computational power over the last 40 years. Did you also notice the increase in program size? What you are talking about is a human process involving tribal knowledge. Neither fully scales. What does scale are changes in what we are allowed to do in the first place. Tired of fails for zero-terminated strings? Use counted strings. Tired of fence post errors when enumeration collections? Use iterators specific to the collection. Memory leaks are much less of a problem with garbage collection. And so on.

Unfortunately, I don't see any of this built into the Etherium VM. This would be great comedy if the stakes were not so high.